Digests » 464
this week's favorite
In this post, I'm trying my best to compress everything I know about what makes a good API. An API that your consumers will enjoy using. All tips are language-agnostic, so they apply to any framework or technology.
This is the scenario I was facing during a pentest. The target was a Windows server, running a VDI — VMware Horizon. You log into the VDI using your Active Directory account and get access to a limited browser that only allows you to use a single application, no internet connection.
A couple of people asked how to do this, so I wanted to explain how because it’s pretty straightforward. We’ll also talk a tiny bit about what can go wrong, ethical issues, and how this applies to your undocumented APIs.
I view the field of software development as a big logical system with highly interconnected and complex parts. Understanding such a big system naturally requires having an excellent grasp on the tools used to build them. And the most fundamental one is logic itself. What follows from what, what are the starting-points or the elementary parts, what are the ways of composing these into more complex ones, ways to spot complete nonsense in the system and how to decompose the complex parts back to more fundamental ones to check their consistency and truth. The following book list contains titles that are all playing fields for one to start experimenting with such systems and gain the required confidence that one can master them.
Here's a concept: "ssh to prod and edit directly on the machine" is generally bad news.